25.1 About System Security

Oracle Linux provides a complete security stack, from network firewall control to access
control security policies, and is designed to be secure by default.

Traditional Linux security is based on a Discretionary Access Control (DAC) policy, which
provides minimal protection from broken software or from malware that is running as a normal
user or as root. The SELinux enhancement to the Linux kernel implements the
Mandatory Access Control (MAC) policy, which allows you to define a security policy that
provides granular permissions for all users, programs, processes, files, and devices. The
kernel's access control decisions are based on all the security relevant information
available, and not solely on the authenticated user identity. By default, SELinux is enabled
when you install an Oracle Linux system.

Oracle Linux has evolved into a secure enterprise-class operating system that can provide
the performance, data integrity, and application uptime necessary for business-critical
production environments.

Thousands of production systems at Oracle run Oracle Linux and numerous internal
developers use it as their development platform. Oracle Linux is also at the heart of several
Oracle engineered systems, including the Oracle Exadata Database Machine, Oracle Exalytics
In-Memory Machine, Oracle Exalogic Elastic Cloud, and Oracle Database Appliance.

Oracle On Demand services, which deliver software as a service (SaaS) at a customer's
site, via an Oracle data center, or at a partner site, use Oracle Linux at the foundation of
their solution architectures. Backed by Oracle support, these mission-critical systems and
deployments depend fundamentally on the built-in security and reliability features of the
Oracle Linux operating system.

Released under an open-source license, Oracle Linux includes the Unbreakable Enterprise
Kernel that provides the latest Linux innovations while offering tested performance and
stability. Oracle has been a key participant in the Linux community, contributing code
enhancements such as Oracle Cluster File System and the Btrfs file system. From a security
perspective, having roots in open source is a significant advantage. The Linux community,
which includes many experienced developers and security experts, reviews posted Linux code
extensively prior to its testing and release. The open-source Linux community has supplied
many security improvements over time, including access control lists (ACLs), cryptographic
libraries, and trusted utilities.